ACC WITH: Global Women in Law

20160621_172608Tonight, a dream came true. A vision took form.

The Association of Corporate Counsel (the organization for in-house attorneys with about 40,000 members worldwide) launched their global initiative supporting women attorneys.

It all started with one question “Does the ACC offer programming for women?” The answer was no, but we should. And two years later, here we are. In the brilliant hands of Jennifer Chen, the Director of the ACC Foundation, this program has not only been put in place, it has grown wings.

It took a cadre of amazing ACC attorneys (Tracy Stanton, Jennifer Mailander, Katia Bloom, and many others) along with the ACC (Veta Richardson, Tori Payne, and also many others) to share the vision and take actionable steps to make it happen. Last October, we did a soft launch of WITH at the ACC Annual Meeting, where we held a breakfast with inspiring, accomplished women attorneys. We did surveys, wrote articles, developed toolkits, and spread the word.

That word resulted in honoring three women tonight who have truly forged the path and had a vision and a plan long before us: Irina Bokova, Director-General, UNESCO; Gloria Santona, Executive Vice President, General Counsel and Secretary, McDonald’s Corporation; and Charisse R. Lillie, Fellow and Vice President of Community Investment
Comcast Corporation, Executive Vice President, Comcast Foundation. The fabulous Sunny Hostin, Senior Legal Correspondent & Analyst, ABC News led the discussion, which touched on many key points – mentoring and having a sponsor for one’s career, situations in which they noted “this is what it means to be a woman in the legal field,” salary, plans, and advice. They held the room enthralled – about 200 attendees all nodded their heads in agreement and there were more than a few “yeah. Yeah!” heard around the room.

And this was after David Nabarro, Special Adviser to the United Nations Secretary-General on the 2030 Agenda for Sustainable Development and Climate Change inspired the room with his talk on the 17 goals in the 2030 Agenda – and how many are related to the empowerment of women.  Knowing that 193 countries are committed to seeing women empowered is simply incredible.

And the room was not just women. There were many men present as well – as it should be. Men are a critical component if women are to “live under the sky” (as opposed to breaking the glass ceiling in a few spots here and there).

We all hope to see this field equalized and celebrate the difference that women make. One thing Irina said really resonated with the audience. When a woman reaches a certain position or role, there are high expectations – people are watching. She must do an exceptional job and far surpass expectations. Yet men in the same role are only expected to do the job. They don’t need to surpass expectations, no one is “watching.” At some point, we – as women – want to be average. Let us simply do the job. Because we can. But it is really hard to always exceed expectations that are only set for one half of the profession. Hitting a metric that should not exist is simply unreasonable.

We are excited about our next steps. And we welcome you to the effort. We have a huge initiative in place with Diversity Lab and the onRamp  Fellowships. Caren Ulrich Stacy, the founder, is truly a giant among giants (I think I fell a little in love with her). Five corporate powers have signed on to her program to help women re-enter the legal workforce.

You know you want to be WITH us. Feel free to contact me or the ACC Foundation to learn more.



FTC tireless on Consumer Beat….

The tweets and shares this morning were frequent and deluged with the recent ruling in favor of the U.S. Federal Trade Commission (FTC). In a long-awaited and precedential ruling, the U.S. Court of Appeals for the third circuit upheld a 2014 ruling by a lower court in which Wyndham Worldwide Corp sought to have the case against the FTC dismissed. The lower court denied that motion, and the Circuit Court of Appeals granted interlocutory appeal on two issues: whether the FTC has authority to regulate cybersecurity under the unfairness prong of 15 U.S. Code § 45(a) and, if so, whether Wyndham had fair notice its specific cybersecurity practices could fall short of that provision.

Commissioner Julie Brill tweeted: that it was “a great win for @FTC & consumers. We will continue to be tireless cop on beat of consumer.”

In affirming the lower court’s ruling 3-0, the Court of Appeals has permitted the case to move forward and determined that the FTC has authority to regulate corporate cybersecurity, and may pursue a lawsuit against corporations (in this case Wyndham) accusing them of failing to properly safeguard consumers’ information.

What happened? In 2008 and 2009, Wyndham had three incidents where hackers breached their computer systems and stole consumer data – mainly credit card data along with other personally identifiable information on over 619,000 consumers, totaling more than $10.6 million in fraudulent charges to those consumers. The FTC felt that Wyndham’s business practices put the consumers at risk.

Without a decision on the merits, here is what the appellate court noted about the FTC’s arguments that Wyndham failed to:

  1. Store payment card information securely (stored in clear text);
  2. Require complex passwords to access the systems (permitted easy-to-guess passwords);
  3. Use common security practices, such as firewalls, to limit access;
  4. Control network access with appropriate cybersecurity precautions (permitted outdated operating systems, used default passwords, lacked appropriate policies, and failed to inventory connected devices);
  5. Restrict third party access to networks;
  6. Employ reasonable measures to detect and prevent unauthorized access to its computer network or to conduct security investigations; and
  7. Follow proper incident response procedures (hackers used the same method each time).

Although not before the court on appeal, “the complaint also raises a deception claim, alleging that since 2008 Wyndham has published a privacy policy on its website that overstates the company’s cybersecurity.”

Awaiting this decision eagerly, the privacy community (and other communities as well) have debated whether Wyndham’s argument that unless the FTC publishes a cybersecurity guide detailing the standards to which it expects companies to uphold, the FTC cannot pursue a company for unfair cybersecurity practices. The Court of Appeals demolished this belief. “In sum, we have little trouble rejecting Wyndham’s fair notice claim,” Circuit Judge Thomas Ambro said. He held that Wyndham failed to show that its alleged conduct “falls outside the plain meaning of ‘unfair.'”

So while cybersecurity itself may not necessarily be within the purview of the FTC, unfair business practices are – and shoddy cybersecurity is unfair to consumers.

My recommendations: update your cybersecurity program, review your online privacy statement for accuracy, and for goodness sake – if you have a breach, plug the durn hole.

Revenge Porn – Cyber Rape – what is it and what can we do to stop it?

Having non-consensual nude photos of you posted online – revenge porn or cyber rape – is a problem few ever imagined we would have. Revenge porn, a form of cyberbullying, is a problem that destroys lives and careers, yet is not adequately addressed by laws.

Last week I attended the Berkeley Center for Law and Technology’s Privacy Law Forum in Silicon Valley #BCLTPrivacy. The lunchtime keynote speaker was Danielle Keats Citron, professor of law at the University of Maryland law school, who spoke on Revenge Porn, Hate Crimes, and what Silicon Valley and the law should do now. Riveting topic. Heartbreaking topic.

One would have to be living completely off the radar to not be aware of the issue of revenge porn. However, it only takes living a normal life to be unaware of the prevalence and damage of revenge porn. As I listened to Citron speak, I was horrified, saddened, outraged, and driven to help.

The lady who founded the Cyber Civil Rights Legal Initiative, Holly Jacobs, was a victim of revenge porn. Private pictures and videos of her nude that had been shared only with a partner started popping up seemingly everywhere and not just on revenge porn sites – no, on Facebook and popular online dating sites – with titles inferring she slept with her students, included contact information, family names, work information, etc. She was not able to get all websites to remove the photos, and those that would wanted to charge her (blackmail essentially) or jump through a bunch of hoops to prove she was the individual in the pictures and she had the right to revoke authorization or prove she never provided authorization. How do you prove something that never happened? She wound up changing her name and trying to help others.

Danish journalist Emma Holten took another tactic, one similarly used  by Jennifer Lawrence when nude pictures were leaked. They both responded with their own version of nude pictures. The key difference had nothing to do with whether you and I see their pictures, it has to do with their choice, their consent. I remember how many people criticized Jennifer – how could she oppose the leaked photos when she released her own photos? and other similar stupidities uttered in ignorance.



Revenge porn is not a rare event. The question is what can we do to help end this problem? Many laws addressing cybercrimes involve communications with that person directly. Revenge porn is not usually communicating with that person. It’s posting nonconsensual sexually explicit photos without that person’s consent, often with other personal information, often pretending to be that person, and even using photoshop to mock up nude pictures. Suggesting that the individual desires a rape scenario, with information identifying where the person will be at a particular time.

The solution is not to tell people to stop sharing such photos (although prudent people probably shouldn’t share such images). We live in a technological world where people can form relationships around the world. Certain relationships are formed on intimacy and technology provides a forum to be intimate. That is another debate. But don’t try to solve this problem the way people used to (some still do) try to solve rape by blaming the victim. Blame the criminal. period.

Social media companies need to ban such material, like Facebook recently took a major step, as did Twitter. States need to pass laws that truly address the problem. Law enforcement need to train personnel how to interact with a victim of this type of cybercrime.

This is not a feminist issue as alleged by some authors. It is not a misogynist issue as alleged by others. It’s a human issue with the goal to destroy someone’s life through technology, in the most base, vulgar way possible – ways which encourage someone who wishes to do physical harm to another to do so.